Abstract. We propose and evaluate antichain algorithms to solve the universality and language inclusion problems for nondeterministic Büchi automata, and the emptiness problem for alternating Büchi automata. To obtain those algorithms, we establish the existence of simulation pre-orders that can be exploited to efficiently evaluate fixed points on the automata defined during the complementation step (that we keep implicit in our approach). We evaluate the performance of the algorithm to check the universality of Büchi automata using the random automaton model recently proposed by Tabakov and Vardi. We show that on the difficult instances of this probabilistic model, our algorithm outperforms the standard ones by several orders of magnitude.



1. Introduction

In the automata-based approach to model-checking [VW86, VW94], programs and properties are modeled by finite automata. Let A be a finite automaton that models a program and let B be a finite automaton that models a specification that the program should satisfy. Correctness is defined by the language inclusion $\mathcal{L}(A) \subseteq \mathcal{L}(B)$, that is, all traces of the program (executions) should be traces of the specification. To solve the inclusion problem, the classical automata-theoretic solution constructs an automaton for $\mathcal{L}^c(B)$, the complement of the language of the automaton B, and then checks that $\mathcal{L}(A) \cap \mathcal{L}^c(B)$ is empty (the latter intersection being computed as a synchronised product).
In the finite case, the program and the specification are automata over finite words (NFA) and the construction for the complementation is conceptually simple: it is achieved by a classical subset construction. In the case of infinite words, the program and (or at least) the specification are nondeterministic Büchi automata (NBW). The NBW are also complementable; this was first proved by Büchi [Büc62]. However, the result is much harder to obtain than in the case of NFA. The original construction of Büchi has a $2^{O(2^n)}$ worst case complexity (where n is the size of the automaton to complement) which is not optimal. In the late eighties Safra in [Saf88], and later Kupferman and Vardi in [KV01], have given optimal complementation procedures that have $2^{O(n \log n)}$ complexity (see [Mic88] for the lower bound). While for finite words, the classical algorithm has been implemented and shown practically usable, for infinite words, the theoretically optimal solution is difficult to implement and very few results are known about their practical behavior. Recent implementations have shown that applying these algorithms for automata with more than around ten states is hard [TV07, GKSV03]. Such sizes are clearly not sufficient in practice. As a consequence, tools like Spin [RH04] that implement the automata-theoretic approach to model-checking ask either that the complement of the specification is explicitly given or they limit the specification to properties that are expressible in LTL.

In this paper, we propose a new approach to check $\mathcal{L}(A) \subseteq \mathcal{L}(B)$ that can handle much larger Büchi automata. In a recent paper, we have shown that the classical subset construction can be avoided and kept implicit for checking language inclusion and language universality for NFA and their alternating extensions [DDHR06]. Here, we adapt and extend that technique to the more intricate case of automata on infinite words.

To present the intuition behind our new techniques, let us consider a simpler setting of the problem. Assume that we are given a NBW B and we want to check if $\Sigma^\omega \subseteq \mathcal{L}(B)$, that is to check if $\mathcal{L}(B)$ is universal. First, remember that $\mathcal{L}(B)$ is universal when its complement $\mathcal{L}^c(B)$ is empty. The classical algorithm first complements B and then checks for emptiness. The language of a NBW is nonempty if there exists an infinite run of the automaton that visits accepting locations infinitely often. The existence of such a run can be established in polynomial time by computing the following fixed point $\mathcal{F} = \nu y \cdot \mu x \cdot (\mathrm{Pre}(x) \cup (\mathrm{Pre}(y) \cap \alpha))$ where Pre is the predecessor operator of the automaton (given a set L of locations it returns the set of locations that can reach L in one step) and $\alpha$ is the set of accepting locations of the automaton. The automaton is non-empty if and only if its initial location is a member of the fixed point $\mathcal{F}$. This well-known algorithm is quadratic in the size of the automaton. Unfortunately, the automaton that accepts the language $\mathcal{L}^c(B)$ is usually huge and the evaluation of the fixed point is unfeasible for all but the smallest specifications B. To overcome this difficulty, we make the following observation: if $\preceq$ is a simulation pre-order on the locations of $B^c$ ($\ell_1 \preceq \ell_2$ means $\ell_1$ can simulate $\ell_2$) which is compatible with the accepting condition (if $\ell_1 \preceq \ell_2$ and $\ell_2 \in \alpha$ then $\ell_1 \in \alpha$), then the sets that are computed during the evaluation of $\mathcal{F}$ are all $\preceq$-downward-closed (if an element $\ell$ is in the set then all $\ell' \preceq \ell$ are also in the set). Then $\preceq$-downward-closed sets can be represented by their $\preceq$-maximal elements and if operations on such sets can be computed directly on their representation, we have the ingredients to evaluate the fixed point in a more efficient way. For an automaton B over finite words, set inclusion would be a typical example of a simulation relation for $B^c$ [DDHR06]. The same technique can be applied to avoid subset constructions in games of imperfect information [DDR06, CDHR07]. We generically call antichain algorithms the techniques that are based on compact representation of downward-closed sets because when the simulation is a partial order (and it usually is), the maximal elements form an antichain, i.e., a set of incomparable elements.

We show that the classical constructions for Büchi automata that are used in the automata-theoretic approach to model-checking are all equipped with a simulation pre-order that exists by construction and does not need to be computed. On that basis we propose antichain algorithms to check universality of NBW, language inclusion for NBW, and emptiness of alternating Büchi automata (ABW). Each of these problems reduces to emptiness checking of NBW, via classical constructions.

The novelty of our antichain algorithms is to realize that only downward-closed sets can be computed by the fixed point for emptiness, and therefore to use more succinct representations of those downward-closed sets, by storing maximal elements only. Moreover, such compact representations do not come at the price of an increase in the time complexity for the basic operations that are necessary to check emptiness (such as $\cap$, $\cup$, and Pre), i.e., we show that they are computable in time polynomial in the size of the compact representation, while this size can be exponentially smaller than the actual downward-closed set. Note that, while a compact representation exists in general (i.e., for any simulation pre-order), we have no generic result that would show that efficient computations can be done symbolically in all cases. Therefore, we have to instantiate the approach for each class of problem, and find efficient algorithms for the basic operations.

We evaluate an implementation of our algorithm for the universality problem of NBW on a randomized model recently proposed by Tabakov and Vardi. We show that the performance of the antichain algorithm on this randomized model outperforms by several orders of magnitude the existing implementations of the Kupferman-Vardi algorithm [TV07, GKSV03]. While the classical solution is limited to automata of size 8 for some parameter values of the randomized model, we are able to handle automata with more than one hundred locations for the same parameter values. We have identified the hardest instances of the randomized model for our algorithms and show that we can still handle problems with several dozens of locations for those instances.

Structure of the paper. In Section 2 we give all necessary definitions related to Büchi automata, and we recall the Kupferman-Vardi and Miyano-Hayashi constructions that are used for complementation of NBW. The reader interested in the general theory behind our technique can read Section 3 without going into the details of those constructions (only the definitions of NBW and emptiness are useful to understand Section 3). The notion of simulation pre-order for a Büchi automaton is presented and we prove that the fixed point needed to establish emptiness of nondeterministic Büchi automata handles only downward-closed sets for such pre-orders. We use this observation in Section 4 to define an antichain algorithm to decide emptiness of ABW. In Section 5 we adapt the technique for the universality problem of NBW. In Section 6 we report on the performances of the algorithm for universality, and in Section 7 we extend those ideas to obtain an antichain algorithm for language inclusion of NBW.

2. Büchi Automata and Classical Algorithms

Definition 2.1. An alternating Büchi automaton (ABW) is a tuple $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$ where:

• Loc is a finite set of states (or locations). The size of A is $|A| = |\mathrm{Loc}|$;

• $\iota \in \mathrm{Loc}$ is the initial state;

• $\Sigma$ is a finite alphabet;

• $\delta : \mathrm{Loc} \times \Sigma \to \mathcal{B}^+(\mathrm{Loc})$ is the transition function, where $\mathcal{B}^+(\mathrm{Loc})$ is the set of positive boolean formulas over Loc, i.e. formulas built from elements in $\mathrm{Loc} \cup \{\mathsf{true}, \mathsf{false}\}$ using the boolean connectives $\wedge$ and $\vee$;

• $\alpha \subseteq \mathrm{Loc}$ is the set of accepting states.

We say that a set $X \subseteq \mathrm{Loc}$ satisfies a formula $\varphi \in \mathcal{B}^+(\mathrm{Loc})$ (noted $X \models \varphi$) iff the truth assignment that assigns true to the members of X and assigns false to the members of $\mathrm{Loc} \setminus X$ satisfies $\varphi$. A run of A on an infinite word $w = \sigma_0 \cdot \sigma_1 \cdots$ is a DAG $T_w = (V, v_\iota, \to)$ where:

• $V = \mathrm{Loc} \times \mathbb{N}$ is the set of nodes. A node $(\ell, i)$ represents the state $\ell$ after the first i letters of the word w have been read by A. Nodes of the form $(\ell, i)$ with $\ell \in \alpha$ are called $\alpha$-nodes;

• $v_\iota = (\iota, 0) \in V$ is the root of the DAG;

• and $\to \subseteq V \times V$ is such that (i) if $(\ell, i) \to (\ell', i')$ then $i' = i + 1$, and (ii) for every $(\ell, i) \in V$, the set $\{\ell' \mid (\ell, i) \to (\ell', i+1)\}$ satisfies the formula $\delta(\ell, \sigma_i)$.

We say that $(\ell', i+1)$ is a successor of $(\ell, i)$ if $(\ell, i) \to (\ell', i+1)$, and we say that $(\ell', i')$ is reachable from $(\ell, i)$ if $(\ell, i) \to^* (\ell', i')$.
A run $T_w = (V, v_\iota, \to)$ of A on an infinite word w is accepting iff all its infinite paths $\pi$ rooted at $v_\iota$ visit $\alpha$-nodes infinitely often. An infinite word $w \in \Sigma^\omega$ is accepted by A if there exists an accepting run on it. We denote by $\mathcal{L}(A)$ the set of infinite words accepted by A, and by $\mathcal{L}^c(A)$ the set of infinite words that are not accepted by A.

Definition 2.2. A nondeterministic Büchi automaton (NBW) is an ABW whose transition function is restricted to disjunctions over Loc.

Runs of NBW reduce to (linear) traces. The transition function of NBW is often seen as a function $[Q \times \Sigma \to 2^Q]$ and we write $\delta(\ell, \sigma) = \{\ell_1, \ldots, \ell_n\}$ instead of $\delta(\ell, \sigma) = \ell_1 \vee \ell_2 \vee \cdots \vee \ell_n$. We note by $\mathrm{Pre}^\sigma_A(L)$ the set of predecessors by $\sigma$ of the set L: $\mathrm{Pre}^\sigma_A(L) = \{\ell \in \mathrm{Loc} \mid \exists \ell' \in L : \ell' \in \delta(\ell, \sigma)\}$. Let $\mathrm{Pre}_A(L) = \{\ell \in \mathrm{Loc} \mid \exists \sigma \in \Sigma : \ell \in \mathrm{Pre}^\sigma_A(L)\}$.

Problems. The emptiness problem for NBW is to decide, given an NBW A, whether $\mathcal{L}(A) = \emptyset$. This problem is solvable in polynomial time. The symbolic approach through fixed point computation is quadratic in the size of A [EL86]. Other symbolic approaches have been proposed with better complexity bounds [BGS00, GPP03], but the fixed point computation shows better performances in practice [RBS00].

The universality problem for NBW is to decide, given an NBW A over the alphabet $\Sigma$, whether $\mathcal{L}(A) = \Sigma^\omega$ where $\Sigma^\omega$ is the set of all infinite words on $\Sigma$. This problem is PSPACE-complete [SVW87]. The classical algorithm to decide universality is to first complement the NBW and then to check emptiness of the complement. The difficult step is the complementation as it may cause an exponential blow-up in the size of the automaton. There exist two types of construction, one is based on a determinization of the automaton [Saf88] and the other uses ABW as an intermediate step [KV01]. We review the second construction below.

The language inclusion problem for NBW is to decide, given two NBW A and B, whether $\mathcal{L}(A) \subseteq \mathcal{L}(B)$. This problem is central in model-checking and it is PSPACE-complete in the size of B. The classical solution consists in checking the emptiness of $\mathcal{L}(A) \cap \mathcal{L}^c(B)$, which again requires the expensive complementation of B.
The emptiness problem for ABW is to decide, given an ABW A, whether $\mathcal{L}(A) = \emptyset$. This problem is also PSPACE-complete and it can be solved using a translation from ABW to NBW that preserves the language of the automaton [MH84]. Again, this construction involves an exponential blow-up that makes explicit implementations feasible only for automata limited to around ten states. However, the emptiness problem for ABW is very important in practice for LTL model-checking as there exist efficient polynomial translations from LTL formulas to ABW [GO01]. The classical construction is presented below.

Kupferman-Vardi construction. Complementation of ABW is straightforward by dualizing the transition function (by swapping $\wedge$ and $\vee$, and swapping true and false in each formula) and interpreting the accepting condition $\alpha$ as a co-Büchi condition, i.e. a run $T_w$ is accepted if all its infinite paths have a suffix that contains no $\alpha$-nodes.

The result is an alternating co-Büchi automaton (ACW). The accepting runs of ACW have a layered structure that has been studied in [KV01], where the notion of rank is defined. The rank is a nonnegative integer associated to each node of an accepting run $T_w$ of an ACW on a word w. Let $G_0 = T_w$. Nodes of rank 0 are those nodes from which only finitely many nodes are reachable in $G_0$. Let $G_1$ be the run $T_w$ from which all nodes of rank 0 have been removed. Then, nodes of rank 1 are those nodes of $G_1$ from which no $\alpha$-node is reachable in $G_1$. For all $i \ge 2$, let $G_i$ be the run $T_w$ from which all nodes of rank $0, \ldots, i-1$ have been removed. Then, nodes of rank $2i$ are those nodes of $G_{2i}$ from which only finitely many nodes are reachable in $G_{2i}$, and nodes of rank $2i+1$ are those nodes of $G_{2i+1}$ from which no $\alpha$-node is reachable in $G_{2i+1}$. Intuitively, the rank of a node $(\ell, i)$ hints how difficult it is to prove that all the paths of $T_w$ that start in $(\ell, i)$ visit $\alpha$-nodes only finitely many times. It can be shown that every node has a rank between 0 and $2(|\mathrm{Loc}| - |\alpha|)$, and all $\alpha$-nodes have an even rank [GKSV03]. The layered structure of the runs of ACW induces a construction to complement ABW [KV01]. We present this construction directly for NBW.

Definition 2.3 ([KV01]). Given a NBW $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$ and an even number $k \in \mathbb{N}$, let $\mathrm{KV}(A, k) = (\mathrm{Loc}', \iota', \Sigma, \delta', \alpha')$ be an ABW such that:

• $\mathrm{Loc}' = \mathrm{Loc} \times [k]$ where $[k] = \{0, 1, \ldots, k\}$. Intuitively, the automaton $\mathrm{KV}(A, k)$ is in state $(\ell, n)$ after the first i letters of the input word w have been read if it guesses that the rank of the node $(\ell, i)$ in a run of A on w is at most n;

• $\iota' = (\iota, k)$;

• $\delta'((\ell, i), \sigma) = \mathsf{false}$ if $\ell \in \alpha$ and i is odd, and $\delta'((\ell, i), \sigma) = \bigwedge_{\ell' \in \delta(\ell, \sigma)} \bigvee_{0 \le i' \le i} (\ell', i')$ otherwise.

For example, if $\delta(\ell, \sigma) = \{\ell_1, \ell_2\}$, then

$\delta'((\ell, 2), \sigma) = ((\ell_1, 2) \vee (\ell_1, 1) \vee (\ell_1, 0)) \wedge ((\ell_2, 2) \vee (\ell_2, 1) \vee (\ell_2, 0))$

• $\alpha' = \mathrm{Loc} \times [k]^{\mathrm{odd}}$ where $[k]^{\mathrm{odd}}$ is the set of odd numbers in $[k]$.

The ABW specified by the Kupferman-Vardi construction accepts the complement language of $\mathcal{L}(A)$ and its size is quadratic in the size of the original automaton A.

Theorem 2.4 ([KV01]). For all NBW $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$, for all $0 \le k' \le k$, we have $\mathcal{L}(\mathrm{KV}(A, k')) \subseteq \mathcal{L}(\mathrm{KV}(A, k))$ and for $k = 2(|\mathrm{Loc}| - |\alpha|)$, we have $\mathcal{L}(\mathrm{KV}(A, k)) = \mathcal{L}^c(A)$.
Miyano-Hayashi construction. Classically, to check emptiness of ABW, a variant of the subset construction is applied that transforms the ABW into a NBW that accepts the same language [MH84]. Intuitively, the NBW maintains a set s of states of the ABW that corresponds to a whole level of a guessed run DAG of the ABW. In addition, the NBW maintains a set o of states that "owe" a visit to an accepting state. Whenever the set o gets empty, meaning that every path of the guessed run has visited at least one accepting state, the set o is initiated with the current level of the guessed run. It is asked that o gets empty infinitely often in order to ensure that every path of the run DAG visits accepting states infinitely often. The construction is as follows.

Definition 2.5 ([MH84]). Given an ABW $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$, define $\mathrm{MH}(A)$ as the NBW $(2^{\mathrm{Loc}} \times 2^{\mathrm{Loc}}, (\{\iota\}, \emptyset), \Sigma, \delta', \alpha')$ where $\alpha' = 2^{\mathrm{Loc}} \times \{\emptyset\}$ and $\delta'$ is defined, for all $(s, o) \in 2^{\mathrm{Loc}} \times 2^{\mathrm{Loc}}$ and $\sigma \in \Sigma$, as follows:

• If $o \neq \emptyset$, then

$\delta'((s, o), \sigma) = \{(s', o' \setminus \alpha) \mid o' \subseteq s',\ s' \models \bigwedge_{\ell \in s} \delta(\ell, \sigma) \text{ and } o' \models \bigwedge_{\ell \in o} \delta(\ell, \sigma)\}$

• If $o = \emptyset$, then $\delta'((s, o), \sigma) = \{(s', s' \setminus \alpha) \mid s' \models \bigwedge_{\ell \in s} \delta(\ell, \sigma)\}$.

The size of the Miyano-Hayashi construction is exponential in the size of the original automaton.

Theorem 2.6 ([MH84]). For all ABW A, we have $\mathcal{L}(\mathrm{MH}(A)) = \mathcal{L}(A)$.

The size of the automaton obtained after the Kupferman-Vardi and the Miyano-Hayashi constructions is an obstacle to the direct implementation of the method.

Direct complementation. In our solution, we implicitly use the two constructions to complement Büchi automata but, as we will see, we do not construct the automata. For the sake of clarity, we give below the specification of the automaton that would result from the composition of the two constructions. In the definition of the state space, we omit the states $(\ell, i)$ for $\ell \in \alpha$ and i odd, as those states have no successor in the Kupferman-Vardi construction.

Definition 2.7. Given a NBW $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$ and an even number $k \in \mathbb{N}$, let $\mathrm{KVMH}(A, k) = (Q_k \times Q_k, q_\iota, \Sigma, \delta', \alpha')$ be a NBW such that:

• $Q_k = 2^{(\mathrm{Loc} \times [k]) \setminus (\alpha \times \mathbb{N}^{\mathrm{odd}})}$ where $\mathbb{N}^{\mathrm{odd}}$ is the set of odd natural numbers;

• $q_\iota = (\{(\iota, k)\}, \emptyset)$;

• Let $\mathrm{odd} = \mathrm{Loc} \times [k]^{\mathrm{odd}}$; $\delta'$ is defined for all $s, o \in Q_k$ and $\sigma \in \Sigma$ as follows:

– If $o \neq \emptyset$, then $\delta'((s, o), \sigma)$ is the set of pairs $(s', o' \setminus \mathrm{odd})$ such that:

(i) $o' \subseteq s'$;

(ii) $\forall (\ell, n) \in s \cdot \forall \ell' \in \delta(\ell, \sigma) \cdot \exists n' \le n : (\ell', n') \in s'$;

(iii) $\forall (\ell, n) \in o \cdot \forall \ell' \in \delta(\ell, \sigma) \cdot \exists n' \le n : (\ell', n') \in o'$.

– If $o = \emptyset$, then $\delta'((s, o), \sigma)$ is the set of pairs $(s', s' \setminus \mathrm{odd})$ such that:

$\forall (\ell, n) \in s \cdot \forall \ell' \in \delta(\ell, \sigma) \cdot \exists n' \le n : (\ell', n') \in s'$.

• $\alpha' = Q_k \times \{\emptyset\}$.

We write $(s, o) \to^\sigma (s', o')$ to denote $(s', o') \in \delta'((s, o), \sigma)$.
Figure 1: Simulation (Definition 3.1).



Theorem 2.8 ([KV01, MH84]). For every NBW $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$ and for all $0 \le k' \le k$, we have $\mathcal{L}(\mathrm{KVMH}(A, k')) \subseteq \mathcal{L}(\mathrm{KVMH}(A, k))$. In case of $k = 2(|\mathrm{Loc}| - |\alpha|)$, we also have $\mathcal{L}(\mathrm{KVMH}(A, k)) = \mathcal{L}^c(A)$.

In the sequel, we denote by $\mathrm{KVMH}(A)$ the automaton $\mathrm{KVMH}(A, 2(|\mathrm{Loc}| - |\alpha|))$, and we denote by $Q \times Q$ its set of states (we omit the subscript k).

3. Simulation Pre-Orders and Fixed Points

Let $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$ be a NBW. Let $(2^{\mathrm{Loc}}, \subseteq, \cup, \cap, \emptyset, \mathrm{Loc})$ be the powerset lattice of locations. The fixed point formula $\mathcal{F}_A = \nu y \cdot \mu x \cdot (\mathrm{Pre}_A(x) \cup (\mathrm{Pre}_A(y) \cap \alpha))$ can be used to check emptiness of A as we have $\mathcal{L}(A) \neq \emptyset$ iff $\iota \in \mathcal{F}_A$. Intuitively, the greatest fixed point $\nu y$ in $\mathcal{F}_A$ computes in the n-th iteration the set of states from which n accepting states can be visited with some word. When this set stabilizes, infinitely many visits to an accepting state are possible.
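As an added illustration (not code from the paper), the following Python evaluates $\mathcal{F}_A$ exactly as written above on an explicitly given NBW, with the nested greatest/least fixed point iteration made visible; the automaton, its letters and the helper names are constructed for this example.

```python
from typing import Dict, Set, Tuple

Loc = str
# An explicit NBW transition relation: (location, letter) -> set of successors
Delta = Dict[Tuple[Loc, str], Set[Loc]]

def pre(delta: Delta, targets: Set[Loc]) -> Set[Loc]:
    """Pre_A(L): locations that can reach L in one step on some letter."""
    return {src for (src, _letter), succs in delta.items() if succs & targets}

def nbw_fixed_point(locs: Set[Loc], delta: Delta, alpha: Set[Loc]) -> Set[Loc]:
    """Evaluate F_A = nu y . mu x . (Pre_A(x) U (Pre_A(y) n alpha)).

    The greatest fixed point y starts at Loc and shrinks: after n rounds it
    holds the locations from which n accepting locations can be visited. The
    inner least fixed point x starts empty and grows backwards from the
    accepting locations that still have a successor in y.
    """
    y = set(locs)
    while True:
        x: Set[Loc] = set()
        while True:
            x_next = pre(delta, x) | (pre(delta, y) & alpha)
            if x_next == x:
                break
            x = x_next
        if x == y:
            return y
        y = x

def is_empty(locs: Set[Loc], init: Loc, delta: Delta, alpha: Set[Loc]) -> bool:
    """L(A) is empty iff the initial location is not in the fixed point."""
    return init not in nbw_fixed_point(locs, delta, alpha)

# Constructed NBW: a and b form a cycle through the accepting location b;
# c is a sink whose only loop never visits an accepting location.
LOCS: Set[Loc] = {"a", "b", "c"}
DELTA: Delta = {("a", "x"): {"b"}, ("b", "y"): {"a"}, ("b", "x"): {"c"}, ("c", "x"): {"c"}}

if __name__ == "__main__":
    print(nbw_fixed_point(LOCS, DELTA, {"b"}))   # {'a', 'b'}
    print(is_empty(LOCS, "c", DELTA, {"b"}))     # True
```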

We show in this section that a certain structural property of the NBW is tightly correlated to the structure of the sets that are computed by the fixed point $\mathcal{F}_A$. The key property is the notion of simulation relation for finite automata. Let $\preceq \subseteq \mathrm{Loc} \times \mathrm{Loc}$ be a pre-order and let $\ell_1 \prec \ell_2$ iff $\ell_1 \preceq \ell_2$ and $\ell_2 \not\preceq \ell_1$.

Definition 3.1. A pre-order $\preceq$ is a simulation for A iff the following properties hold:

• for all $\ell_1, \ell_2, \ell_3 \in \mathrm{Loc}$, for all $\sigma \in \Sigma$, if $\ell_3 \preceq \ell_1$ and $\ell_2 \in \delta(\ell_1, \sigma)$ then there exists $\ell_4 \in \mathrm{Loc}$ such that $\ell_4 \preceq \ell_2$ and $\ell_4 \in \delta(\ell_3, \sigma)$ (see illustration in Figure 1);

• for all $\ell \in \alpha$, for all $\ell' \in \mathrm{Loc}$, if $\ell' \preceq \ell$ then $\ell' \in \alpha$.

Downward-closed sets. A set $L \subseteq \mathrm{Loc}$ is $\preceq$-closed iff for all $\ell_1, \ell_2 \in \mathrm{Loc}$, if $\ell_1 \preceq \ell_2$ and $\ell_2 \in L$ then $\ell_1 \in L$. The $\preceq$-closure of L is the set $\downarrow L = \{\ell \in \mathrm{Loc} \mid \exists \ell' \in L : \ell \preceq \ell'\}$. We denote by $\mathrm{Max}(L)$ the set of $\preceq$-maximal elements of L: $\mathrm{Max}(L) = \{\ell \in L \mid \nexists \ell' \in L : \ell \prec \ell'\}$. For any $\preceq$-closed set $L \subseteq \mathrm{Loc}$, we have $L = \downarrow \mathrm{Max}(L)$. Furthermore, if $\preceq$ is a partial order, then $\mathrm{Max}(L)$ is an antichain of elements and it can serve as a canonical representation of L.

Our goal is to show that the operators involved in the fixed point formula $\mathcal{F}_A$ preserve $\preceq$-closedness. This is true for union and intersection, for all relations $\preceq$.

Lemma 3.2. For all relations $\preceq$, for all $\preceq$-closed sets $L_1, L_2$, the sets $L_1 \cup L_2$ and $L_1 \cap L_2$ are $\preceq$-closed.
The next lemma shows that simulation relations are necessary (and also sufficient) to guarantee preservation of $\preceq$-closedness under the Pre operator. Note that many other notions of simulation pre-orders have been defined for Büchi automata, see [EWS05] (1).

Lemma 3.3. Let $A = (\mathrm{Loc}, \iota, \Sigma, \delta, \alpha)$ be a NBW. A pre-order $\preceq \subseteq \mathrm{Loc} \times \mathrm{Loc}$ is a simulation for A if and only if the following two properties hold:

(a) the set $\alpha$ is $\preceq$-closed;

(b) for all $\preceq$-closed sets $L \subseteq \mathrm{Loc}$, for all $\sigma \in \Sigma$, $\mathrm{Pre}^\sigma_A(L)$ is $\preceq$-closed.

Proof. First, assume that $\preceq$ is a simulation for A. Then, the set $\alpha$ is $\preceq$-closed by Definition 3.1, which establishes (a). To prove (b), let $L \subseteq \mathrm{Loc}$ be a $\preceq$-closed set and let $\sigma \in \Sigma$. For all $\ell_1 \in \mathrm{Pre}^\sigma_A(L)$ there exists $\ell_2 \in L$ such that $\ell_2 \in \delta(\ell_1, \sigma)$. By Definition 3.1, for all $\ell_3 \preceq \ell_1$ there exists $\ell_4 \in \mathrm{Loc}$ such that $\ell_4 \preceq \ell_2$ and $\ell_4 \in \delta(\ell_3, \sigma)$ (see Figure 1). So $\ell_4 \in L$ since L is $\preceq$-closed and $\ell_2 \in L$, and thus $\ell_3 \in \mathrm{Pre}^\sigma_A(L)$, which shows that $\mathrm{Pre}^\sigma_A(L)$ is $\preceq$-closed.

Second, assume that (a) and (b) hold, and show that $\preceq$ satisfies Definition 3.1. By (a), for all $\ell \in \alpha$ and for all $\ell' \preceq \ell$, we have $\ell' \in \alpha$. Now, let $\ell_1, \ell_2, \ell_3 \in \mathrm{Loc}$ and $\sigma \in \Sigma$ such that $\ell_3 \preceq \ell_1$ and $\ell_2 \in \delta(\ell_1, \sigma)$. Consider the $\preceq$-closed set $L_2 = \downarrow \{\ell_2\}$. By (b), the set $\mathrm{Pre}^\sigma_A(L_2)$ is $\preceq$-closed and thus $\ell_3 \in \mathrm{Pre}^\sigma_A(L_2)$. Therefore, there exists $\ell_4 \in L_2$ (i.e. $\ell_4 \preceq \ell_2$) such that $\ell_4 \in \delta(\ell_3, \sigma)$. Hence, $\preceq$ is a simulation for A. □

Lemmas 3.2 and 3.3 entail that all sets computed in the iterations of the fixed point formula $\mathcal{F}_A$ are $\preceq$-closed for any simulation $\preceq$ for A. We can take advantage of this fact to use a compact representation of those sets, namely their maximal elements. This would indeed reduce the size of the sets to manipulate by the fixed point algorithms (possibly exponentially as we will see later). Notice that in general, this compact representation can make more difficult the computation of the Pre operator. To illustrate this, consider the example in Figure 2 where we want to compute $\mathrm{Pre}_\sigma(\downarrow \{\ell\})$. More precisely, given $\ell$ we need to compute the maximal elements of the $\preceq$-closed set $\mathrm{Pre}_\sigma(\downarrow \{\ell\})$. The set $\downarrow \{\ell\}$ is delimited by the dashed curve in the figure. First, note that applying $\mathrm{Pre}_\sigma$ to $\{\ell\}$ would give the empty set from which the correct result can obviously not be extracted. Second, if we assume that the states $\ell_1, \ldots, \ell_k$ are $\preceq$-incomparable, then the result is $\mathrm{Max}(\mathrm{Pre}_\sigma(\downarrow \{\ell\})) = \{\ell_1, \ldots, \ell_k\}$, which shows that essentially any set can be obtained, including sets of maximal elements that are huge or difficult to manipulate symbolically. Third, even if the result is compact (e.g., if $\ell_i \preceq \ell_1$ for all $1 \le i \le k$, then the result is the singleton $\{\ell_1\}$), the computation may somehow require to enumerate all the $\ell_i$ for $i = 1, 2, \ldots, k$ where k may be for instance exponential in the size of the problem.

The above remarks show that for each particular application (i.e., for each class of automata, and each particular simulation $\preceq$ that we use), we need (1) to define a predecessor operator $\mathrm{Pre}^{\mathrm{abs}}$ that applies to maximal elements, such that $\mathrm{Pre}^{\mathrm{abs}}(\mathrm{Max}(L)) = \mathrm{Max}(\mathrm{Pre}(L))$ for all $\preceq$-closed sets L, (2) to present an algorithm to compute this operator, and establish its correctness, and (3) to study the complexity of such an algorithm.

Finally, note that the way to compute $\mathrm{Max}(L_1 \cap L_2)$ given $\mathrm{Max}(L_1)$ and $\mathrm{Max}(L_2)$ should also be defined for each application, while for union, the following general rule applies: $\mathrm{Max}(L_1 \cup L_2) = \mathrm{Max}(\mathrm{Max}(L_1) \cup \mathrm{Max}(L_2))$.

In the next sections, we show that the NBW that we have to analyze in the automata-based approach to model-checking are all equipped with a simulation pre-order that can be exploited to compute efficiently the intersection and the predecessor operators. Hence, we show that the expected efficiency in terms of space consumption of the antichain representation does not come at the price of a blow-up in the computation times of these operators. We do so for the emptiness problem of ABW, and for the universality and language inclusion problems for NBW. All these problems can be reduced to the emptiness problem of NBW that are obtained by specific constructions (analogous to the powerset construction), for which simulation relations need not be computed for each instance of the problems, but can be defined generically (like set inclusion is such a relation for the classical powerset construction).

Figure 2: Computing the predecessors of a $\preceq$-closed set.

(1) In [EWS05], the simulation of Definition 3.1 is called direct simulation.

4. Emptiness of ABW

We now show how to apply Lemmas 3.2 and 3.3 to check more efficiently the emptiness of ABW. Let $A_1 = (\mathrm{Loc}_1, \iota_1, \Sigma, \delta_1, \alpha_1)$ be an ABW for which we want to decide whether $\mathcal{L}(A_1) = \emptyset$. We know that the (exponential) Miyano-Hayashi construction gives a NBW $A_2 = \mathrm{MH}(A_1)$ such that $\mathcal{L}(A_2) = \mathcal{L}(A_1)$. The emptiness of $A_1$ (or equivalently of $A_2$) can be decided more efficiently by computing the fixed point and without constructing explicitly $A_2$. To do so, we establish the existence of a simulation for $A_2$ for which we can compute $\cup$, $\cap$ and Pre by manipulating only maximal elements of closed sets of locations.

Definition 4.1. Let $\mathrm{MH}(A_1) = (\mathrm{Loc}_2, \iota_2, \Sigma, \delta_2, \alpha_2)$. Remember that $\mathrm{Loc}_2 \subseteq 2^{\mathrm{Loc}_1} \times 2^{\mathrm{Loc}_1}$. Define the pre-order $\preceq_{\mathrm{alt}} \subseteq \mathrm{Loc}_2 \times \mathrm{Loc}_2$ such that $(s, o) \preceq_{\mathrm{alt}} (s', o')$ iff (i) $s \subseteq s'$, (ii) $o \subseteq o'$, and (iii) $o = \emptyset$ iff $o' = \emptyset$.

Note that the pre-order $\preceq_{\mathrm{alt}}$ is a partial order. As a consequence, given a set of pairs $L = \{(s_1, o_1), (s_2, o_2), \ldots, (s_n, o_n)\}$, the set $\mathrm{Max}(L)$ is an antichain and identifies L.

Lemma 4.2. For all ABW $A_1$, the partial order $\preceq_{\mathrm{alt}}$ is a simulation for $\mathrm{MH}(A_1)$.

Proof. Let $A_1 = (\mathrm{Loc}_1, \iota_1, \Sigma, \delta_1, \alpha_1)$ and $\mathrm{MH}(A_1) = (\mathrm{Loc}_2, \iota_2, \Sigma, \delta_2, \alpha_2)$. First, let $\sigma \in \Sigma$ and $(s_1, o_1), (s_2, o_2), (s_3, o_3) \in \mathrm{Loc}_2$ be such that $(s_1, o_1) \to^\sigma_{\delta_2} (s_2, o_2)$ and $(s_3, o_3) \preceq_{\mathrm{alt}} (s_1, o_1)$. We show that there exists $(s_4, o_4) \in \mathrm{Loc}_2$ such that $(s_3, o_3) \to^\sigma_{\delta_2} (s_4, o_4)$ and $(s_4, o_4) \preceq_{\mathrm{alt}} (s_2, o_2)$. Let us consider the case where $o_1 = \emptyset$. Then we have $o_3 = \emptyset$ by definition of $\preceq_{\mathrm{alt}}$ and $\delta_2((s_1, o_1), \sigma) = \{(s', s' \setminus \alpha_1) \mid s' \models \bigwedge_{\ell \in s_1} \delta_1(\ell, \sigma)\}$, this set being contained in $\delta_2((s_3, o_3), \sigma) = \{(s', s' \setminus \alpha_1) \mid s' \models \bigwedge_{\ell \in s_3} \delta_1(\ell, \sigma)\}$ as $s_3$ puts fewer constraints than $s_1$ since $s_3 \subseteq s_1$. A similar reasoning holds if $o_1 \neq \emptyset$. Second, let $(s_1, o_1) \in \alpha_2$ and let $(s_2, o_2) \preceq_{\mathrm{alt}} (s_1, o_1)$. By definition of $\alpha_2$, we know that $o_1 = \emptyset$, and by definition of $\preceq_{\mathrm{alt}}$ we have $o_2 = \emptyset$ and so $(s_2, o_2) \in \alpha_2$. □

Algorithm 1: Algorithm for $\mathrm{Pre}^\sigma_{\mathrm{alt}}$

Data: An ABW $A_1 = (\mathrm{Loc}_1, \iota_1, \Sigma, \delta_1, \alpha_1)$, $\sigma \in \Sigma$ and $(s', o') \in 2^{\mathrm{Loc}_1} \times 2^{\mathrm{Loc}_1}$ such that $o' \subseteq s'$.
Result: The $\preceq_{\mathrm{alt}}$-antichain $\mathrm{Pre}^\sigma_{\mathrm{alt}}((s', o'))$.

begin
1   $L_{\mathrm{Pre}} \leftarrow \emptyset$;
2   $o \leftarrow \{\ell \in \mathrm{Loc}_1 \mid o' \cup (s' \cap \alpha_1) \models \delta_1(\ell, \sigma)\}$;
3   if $o' \not\subseteq \alpha_1 \vee o' = \emptyset$ then
4       $L_{\mathrm{Pre}} \leftarrow \{(o, \emptyset)\}$;
5   if $o \neq \emptyset$ then
6       $s \leftarrow \{\ell \in \mathrm{Loc}_1 \mid s' \models \delta_1(\ell, \sigma)\}$;
7       $L_{\mathrm{Pre}} \leftarrow L_{\mathrm{Pre}} \cup \{(s, o)\}$;
    return $L_{\mathrm{Pre}}$;
end

According to Lemmas 3.2 and 3.3, all the sets that we compute to evaluate $\mathcal{F}_{A_2}$ are $\preceq_{\mathrm{alt}}$-closed. We need to compute intersection and Pre by only manipulating maximal elements. Given $(s_1, o_1), (s_2, o_2)$, we take $(s, o)$ such that $\downarrow (s, o) = \downarrow (s_1, o_1) \cap \downarrow (s_2, o_2)$ as follows:

$(s, o) = (s_1 \cap s_2, o_1 \cap o_2)$ if $o_1 \cap o_2 \neq \emptyset$, and $(s, o) = (s_1 \cap s_2, \emptyset)$ if $o_1 = o_2 = \emptyset$, (4.1)

and otherwise the intersection is empty.

Algorithm 1 computes the maximal elements of the set of $\sigma$-predecessors of the $\preceq_{\mathrm{alt}}$-closure of a pair $(s', o')$. This allows to compute the maximal elements of the set of predecessors of any $\preceq_{\mathrm{alt}}$-closed set by just manipulating its maximal elements, since $\mathrm{Pre}_{A_2}(L_1 \cup L_2) = \bigcup_{\sigma \in \Sigma} \mathrm{Pre}^\sigma_{A_2}(L_1) \cup \mathrm{Pre}^\sigma_{A_2}(L_2)$.

Note that our algorithm runs in polynomial time, more precisely in $O(|\mathrm{Loc}_1| \cdot \|\delta_1\|)$ where $\|\delta_1\|$ is the size of the transition relation, defined as the maximal number of boolean connectives in a formula $\delta_1(\ell, \sigma)$.

Theorem 4.3. Given an ABW $A_1 = (\mathrm{Loc}_1, \iota_1, \Sigma, \delta_1, \alpha_1)$, $\sigma \in \Sigma$ and $(s', o') \in 2^{\mathrm{Loc}_1} \times 2^{\mathrm{Loc}_1}$ such that $o' \subseteq s'$, the set $L_{\mathrm{Pre}} = \mathrm{Pre}^\sigma_{\mathrm{alt}}((s', o'))$ computed by Algorithm 1 is a $\preceq_{\mathrm{alt}}$-antichain such that $\downarrow L_{\mathrm{Pre}} = \mathrm{Pre}^\sigma_{A_2}(\downarrow \{(s', o')\})$ where $A_2 = \mathrm{MH}(A_1)$.

Proof. Let $A_2 = \mathrm{MH}(A_1) = (\mathrm{Loc}_2, \iota_2, \Sigma, \delta_2, \alpha_2)$. The following entails that $\downarrow L_{\mathrm{Pre}} = \mathrm{Pre}^\sigma_{A_2}(\downarrow \{(s', o')\})$:

(a) $L_{\mathrm{Pre}} \subseteq \mathrm{Pre}^\sigma_{A_2}(\downarrow \{(s', o')\})$, and

(b) for all $(s_1, o_1) \in \mathrm{Pre}^\sigma_{A_2}(\downarrow \{(s', o')\})$, there exists $(s, o) \in L_{\mathrm{Pre}}$ such that $(s_1, o_1) \preceq_{\mathrm{alt}} (s, o)$.

To prove (a), we first show that $(s, o) \to^\sigma_{\delta_2} (s', o')$ where $(s, o)$ is added to $L_{\mathrm{Pre}}$ at line 7 of Algorithm 1. By the test of line 5 we have $o \neq \emptyset$. According to Definition 2.5 of $\mathrm{MH}(\cdot)$, we check that there exists a set $o'' \subseteq s'$ such that $o' = o'' \setminus \alpha_1$ (we take $o'' = o' \cup (s' \cap \alpha_1)$), and the following conditions hold:
(i) $s' \models \bigwedge_{\ell \in s} \delta_1(\ell, \sigma)$ since we have $s' \models \delta_1(\ell, \sigma)$ for all $\ell \in s$ by line 6 of Alg. 1.
(ii) $o'' \models \bigwedge_{\ell \in o} \delta_1(\ell, \sigma)$ since we have $o'' \models \delta_1(\ell, \sigma)$ for all $\ell \in o$ by line 2 of Alg. 1.

Second, we show that $(o, \emptyset) \to^\sigma_{\delta_2} (s'', o'')$ for some $(s'', o'') \preceq_{\mathrm{alt}} (s', o')$ where $(o, \emptyset)$ is added to $L_{\mathrm{Pre}}$ at line 4 of Algorithm 1. We take $s'' = o' \cup (s' \cap \alpha_1)$ and $o'' = s'' \setminus \alpha_1$. Since $o' \subseteq s'$, we have (a) $s'' \subseteq s'$, and we have (b) $o'' = o' \setminus \alpha_1 \subseteq o'$. Let us establish that (c) $o' = \emptyset$ iff $o'' = \emptyset$. If $o' = \emptyset$ then $o'' = \emptyset$ since $o'' \subseteq o'$. If $o' \neq \emptyset$ then by the test of line 3 we have $o' \not\subseteq \alpha_1$ and thus $o'' = o' \setminus \alpha_1 \neq \emptyset$. Hence we have $(s'', o'') \preceq_{\mathrm{alt}} (s', o')$, and by line 2 of the algorithm, we have $s'' \models \delta_1(\ell, \sigma)$ for all $\ell \in o$, and thus $s'' \models \bigwedge_{\ell \in o} \delta_1(\ell, \sigma)$. Therefore $(o, \emptyset) \to^\sigma_{\delta_2} (s'', o'')$.

To prove (b), assume that there exist $(s_1, o_1)$ and $(s_1', o_1')$ such that $(s_1, o_1) \to^\sigma_{\delta_2} (s_1', o_1')$ and $(s_1', o_1') \preceq_{\mathrm{alt}} (s', o')$. We have to show that there exists $(s, o) \in L_{\mathrm{Pre}}$ such that $(s_1, o_1) \preceq_{\mathrm{alt}} (s, o)$.

First, assume that $o_1 \neq \emptyset$. Since $(s_1, o_1) \to^\sigma_{\delta_2} (s_1', o_1')$, we have:
(i) for all $\ell \in s_1$, $s_1' \models \delta_1(\ell, \sigma)$ and since $s_1' \subseteq s'$ also $s' \models \delta_1(\ell, \sigma)$. Let s be the set defined at line 6 of Algorithm 1. For all $\ell \in \mathrm{Loc}_1$, if $s' \models \delta_1(\ell, \sigma)$ then $\ell \in s$. Hence, $s_1 \subseteq s$.
(ii) for all $\ell \in o_1$, $o_1'' \models \delta_1(\ell, \sigma)$ for some $o_1'' \subseteq s_1'$ such that $o_1' = o_1'' \setminus \alpha_1$. Hence necessarily $o_1'' \subseteq o_1' \cup (s_1' \cap \alpha_1) \subseteq o' \cup (s' \cap \alpha_1)$ and thus for all $\ell \in o_1$, $o' \cup (s' \cap \alpha_1) \models \delta_1(\ell, \sigma)$. Let o be the set defined at line 2 of Algorithm 1. For all $\ell \in \mathrm{Loc}_1$, if $o' \cup (s' \cap \alpha_1) \models \delta_1(\ell, \sigma)$ then $\ell \in o$. Hence, $o_1 \subseteq o$ and $o \neq \emptyset$.

Hence, $(s, o)$, which is added to $L_{\mathrm{Pre}}$ by Alg. 1 at line 7, satisfies $(s_1, o_1) \preceq_{\mathrm{alt}} (s, o)$.

Second, assume that $o_1 = \emptyset$. Since $(s_1, o_1) \to^\sigma_{\delta_2} (s_1', o_1')$ and $o_1 = \emptyset$, we know that for all $\ell \in s_1$, $s_1' \models \delta_1(\ell, \sigma)$ and $o_1' = s_1' \setminus \alpha_1$. Let $s'' = o' \cup (s' \cap \alpha_1)$ so we have (a) $s_1' \cap \alpha_1 \subseteq s' \cap \alpha_1 \subseteq s''$ and (b) $s_1' \setminus \alpha_1 = o_1' \subseteq o' \subseteq s''$. Hence, $s_1' \subseteq s''$ and thus for all $\ell \in s_1$, $s'' \models \delta_1(\ell, \sigma)$. Let o be the set defined at line 2 of Algorithm 1. For all $\ell \in \mathrm{Loc}_1$, if $s'' \models \delta_1(\ell, \sigma)$ then $\ell \in o$. Hence, $s_1 \subseteq o$ and $(s_1, \emptyset) \preceq_{\mathrm{alt}} (o, \emptyset)$ where $(o, \emptyset)$ is added to $L_{\mathrm{Pre}}$ by Algorithm 1 at line 4. Notice that the test at line 3 is satisfied because $o_1' = s_1' \setminus \alpha_1$ implies that $o_1' \not\subseteq \alpha_1 \vee o_1' = \emptyset$, and since $(s_1', o_1') \preceq_{\mathrm{alt}} (s', o')$, we have $o' \not\subseteq \alpha_1 \vee o' = \emptyset$. □

5. Universality of NBW

We present a new algorithm to check universality of NBW, based on the existence of a simple simulation relation for the complement automaton of NBW given by Definition 2.7.

Definition 5.1. Given an NBW $A = (\mathsf{Loc}, \iota, \Sigma, \delta, \alpha)$, let $\mathrm{KVMH}(A) = (Q \times Q, q_\iota, \Sigma, \delta', \alpha')$. Define the pre-order $\preceq_{\mathsf{univ}} \subseteq (Q \times Q) \times (Q \times Q)$ as follows: for all $s, s', o, o' \in Q$, let $(s,o) \preceq_{\mathsf{univ}} (s',o')$ iff the following conditions hold:

• for all $(\ell,n) \in s$, there exists $n' \leq n$ such that $(\ell,n') \in s'$;

• for all $(\ell,n) \in o$, there exists $n' \leq n$ such that $(\ell,n') \in o'$;

• $o = \emptyset$ iff $o' = \emptyset$.

This relation formalizes the intuition that it is easier to accept a word in $\mathrm{KVMH}(A)$ from a given location with a high rank than with a small rank. This is because the rank never increases along any path of the runs of $\mathrm{KV}(A)$, and so a small rank is always simulated by a greater rank. Hence, essentially only the minimal rank of each location of $s$ and $o$ is relevant to define the pre-order $\preceq_{\mathsf{univ}}$. The third condition requires that only accepting states simulate accepting states.

Lemma 5.2. For all NBW $A$, the pre-order $\preceq_{\mathsf{univ}}$ is a simulation for the NBW $\mathrm{KVMH}(A)$.

Proof. Let $A = (\mathsf{Loc}, \iota, \Sigma, \delta, \alpha)$ and $\mathrm{KVMH}(A) = (Q \times Q, q_\iota, \Sigma, \delta', \alpha')$. First, we show that for all $(s_1,o_1), (s_2,o_2), (s_3,o_3) \in Q \times Q$, for all $\sigma \in \Sigma$, if $(s_1,o_1) \to_{\delta'} (s_2,o_2)$ and $(s_3,o_3) \preceq_{\mathsf{univ}} (s_1,o_1)$ then $(s_3,o_3) \to_{\delta'} (s_2,o_2)$. Notice that we trivially have $(s_2,o_2) \preceq_{\mathsf{univ}} (s_2,o_2)$. We give the proof for $o_1 \neq \emptyset$; the case $o_1 = \emptyset$ is proven similarly. According to Definition 2.7, since $(s_1,o_1) \to_{\delta'} (s_2,o_2)$ there is a set $o''_2 \subseteq s_2$ with $o_2 = o''_2 \setminus \mathsf{odd}$ such that

(i) $\forall (\ell,n_1) \in s_1 \cdot \forall \ell' \in \delta(\ell,\sigma) \cdot \exists n_2 \leq n_1 : (\ell',n_2) \in s_2$, and

(ii) $\forall (\ell,n_1) \in o_1 \cdot \forall \ell' \in \delta(\ell,\sigma) \cdot \exists n_2 \leq n_1 : (\ell',n_2) \in o''_2$.

Since $(s_3,o_3) \preceq_{\mathsf{univ}} (s_1,o_1)$, we have $o_3 \neq \emptyset$ and

(i') $\forall (\ell,n_3) \in s_3 \cdot \exists n_1 \leq n_3 : (\ell,n_1) \in s_1$, and

(ii') $\forall (\ell,n_3) \in o_3 \cdot \exists n_1 \leq n_3 : (\ell,n_1) \in o_1$.

Combining (i) and (i') yields $\forall (\ell,n_3) \in s_3 \cdot \forall \ell' \in \delta(\ell,\sigma) \cdot \exists n_2 \leq n_3 : (\ell',n_2) \in s_2$, and combining (ii) and (ii') yields $\forall (\ell,n_3) \in o_3 \cdot \forall \ell' \in \delta(\ell,\sigma) \cdot \exists n_2 \leq n_3 : (\ell',n_2) \in o''_2$. Since $o_3 \neq \emptyset$, this implies that $(s_3,o_3) \to_{\delta'} (s_2,o_2)$.

Second, for all $(s,o) \in \alpha'$ we have $o = \emptyset$, and thus for all $(s',o') \in Q \times Q$, if $(s',o') \preceq_{\mathsf{univ}} (s,o)$ then $o' = \emptyset$, so that $(s',o') \in \alpha'$.

Hence $\preceq_{\mathsf{univ}}$ is a simulation for $\mathrm{KVMH}(A)$. □

According to Lemmas 3.2 and 3.3, all intermediate sets that are computed by the fixed point $\mathcal{F}$ to check emptiness of $A^c = \mathrm{KVMH}(A)$ (and thus universality of $A$) are $\preceq_{\mathsf{univ}}$-closed. Since $\preceq_{\mathsf{univ}}$ is not a partial order, the set $\mathrm{Max}(L)$ for a $\preceq_{\mathsf{univ}}$-closed set $L$ may contain several $\preceq_{\mathsf{univ}}$-equivalent elements ($x$ and $y$ are $\preceq_{\mathsf{univ}}$-equivalent if $x \preceq_{\mathsf{univ}} y$ and $y \preceq_{\mathsf{univ}} x$). For example, the pair $(\{(\ell,3),(\ell',4)\}, \emptyset)$ is $\preceq_{\mathsf{univ}}$-equivalent to the pair $(\{(\ell,3),(\ell,4),(\ell',4)\}, \emptyset)$. In fact $\mathrm{Max}(L)$ is a union of $\preceq_{\mathsf{univ}}$-equivalence classes. Hence, the size of $\mathrm{Max}(L)$ can be reduced by keeping only one canonical element for each $\preceq_{\mathsf{univ}}$-equivalence class. Given a set $s \in Q$, define its characteristic function $f_s : \mathsf{Loc} \to \mathbb{N} \cup \{\infty\}$ such that $f_s(\ell) = \inf\{n \mid (\ell,n) \in s\}$, with the usual convention that $\inf \emptyset = \infty$. Note that if $f_s(\ell) \neq \infty$, then $f_s(\ell)$ is even for all $\ell \in \alpha$.

Let $f, g, f', g'$ be characteristic functions. Let $\max(f,f')$ be the function $f''$ such that $f''(\ell) = \max\{f(\ell), f'(\ell)\}$ for all $\ell \in \mathsf{Loc}$. We denote by $f_\emptyset$ the function such that $f_\emptyset(\ell) = \infty$ for all $\ell \in \mathsf{Loc}$. We write $f \leq f'$ if for all $\ell \in \mathsf{Loc}$, $f(\ell) \leq f'(\ell)$, and we write $(f,g) \leq (f',g')$ if $f \leq f'$, $g \leq g'$ and $g = f_\emptyset$ iff $g' = f_\emptyset$. Notice that $\leq$ is a partial order over characteristic functions, and that if $s \subseteq s'$ then $f_{s'} \leq f_s$ for all $s, s' \in Q$. The following lemma is a corollary of Definition 5.1.

Lemma 5.3. For all sets $s, s', o, o' \in Q$, $(f_{s'}, f_{o'}) \leq (f_s, f_o)$ only if $(s,o) \preceq_{\mathsf{univ}} (s',o')$.

Define $[\![ f ]\!] = \{ s \in Q \mid \exists s' \in Q : s \subseteq s' \wedge f_{s'} = f \}$ and $[\![ (f,g) ]\!] = \{ (s,o) \mid (f,g) \leq (f_s, f_o) \}$. We extend the operator $[\![ \cdot ]\!]$ to sets of pairs of characteristic functions as expected. Notice that $f \leq f'$ iff $[\![ f' ]\!] \subseteq [\![ f ]\!]$, that $[\![ \max(f,f') ]\!] = [\![ f ]\!] \cap [\![ f' ]\!]$, and a corollary of Lemma 5.3 is that the $\leq$-minimal elements of a set $L$ of pairs of characteristic functions represent exactly the $\preceq_{\mathsf{univ}}$-maximal pairs $(s,o)$ of $[\![ L ]\!]$.
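As an added illustration (example code, not from the paper), the following Python implements the pre-order of Definition 5.1 directly on ranked sets, the characteristic function $f_s$, and the order $\leq$ on pairs of characteristic functions, and then samples random ranked sets to confirm Lemma 5.3. The lemma states that $(f_{s'},f_{o'}) \leq (f_s,f_o)$ implies $(s,o) \preceq_{\mathsf{univ}} (s',o')$; the converse also follows directly from the two definitions, so the sampled check tests the equivalence. Location names and the rank bound used for sampling are arbitrary choices of this example.

```python
# Added example, not code from the paper: Definition 5.1 on explicit ranked
# sets, and its collapse to characteristic functions as stated in Lemma 5.3.
# A ranked set is a frozenset of (location, rank) pairs; INF encodes "absent".
import random

INF = float("inf")


def dominated(a, b):
    """Every (l, n) in a has some (l, n') in b with n' <= n."""
    return all(any(l2 == l and n2 <= n for (l2, n2) in b) for (l, n) in a)


def preceq_univ(p, q):
    """(s, o) ≼univ (s', o') per Definition 5.1; the third condition forces the
    obligation sets to be empty together, so only accepting states simulate
    accepting states."""
    (s, o), (s2, o2) = p, q
    return dominated(s, s2) and dominated(o, o2) and ((len(o) == 0) == (len(o2) == 0))


def equivalent(p, q):
    return preceq_univ(p, q) and preceq_univ(q, p)


def charfun(locs, s):
    """f_s(l) = inf{ n | (l, n) in s }, with inf of the empty set = INF."""
    return {l: min((n for (l2, n) in s if l2 == l), default=INF) for l in locs}


def leq_pair(fp, gp):
    """(f, g) <= (f', g'): pointwise on both components, and g = f_∅ iff g' = f_∅."""
    (f, g), (f2, g2) = fp, gp
    is_empty = lambda h: all(v == INF for v in h.values())
    return (all(f[l] <= f2[l] for l in f)
            and all(g[l] <= g2[l] for l in g)
            and is_empty(g) == is_empty(g2))


def check_lemma_5_3(locs, k=4, trials=3000, seed=1):
    """Sample ranked-set pairs (ranks 0..k, constructed at random) and confirm
    that (f_s', f_o') <= (f_s, f_o) holds exactly when (s, o) ≼univ (s', o')."""
    rng = random.Random(seed)

    def rand_set():
        return frozenset((l, n) for l in locs for n in range(k + 1) if rng.random() < 0.3)

    for _ in range(trials):
        s, o, s2, o2 = rand_set(), rand_set(), rand_set(), rand_set()
        by_ranks = preceq_univ((s, o), (s2, o2))
        by_charfuns = leq_pair((charfun(locs, s2), charfun(locs, o2)),
                               (charfun(locs, s), charfun(locs, o)))
        if by_ranks != by_charfuns:
            return False
    return True


if __name__ == "__main__":
    # The equivalence class from the text: the extra pair (l, 4) changes nothing,
    # because only the minimal rank 3 at l matters.
    a = (frozenset({("l", 3), ("m", 4)}), frozenset())
    b = (frozenset({("l", 3), ("l", 4), ("m", 4)}), frozenset())
    print(equivalent(a, b))                    # True
    print(check_lemma_5_3(["l", "m", "n"]))    # True
```

Note the direction of the pre-order: a pair with a larger rank at some location is $\preceq_{\mathsf{univ}}$-smaller (it is simulated by the pair with the smaller rank), which is why the antichain algorithms keep the $\leq$-minimal characteristic functions.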

Now, we show how to compute efficiently $\cup$, $\cap$ and $\mathrm{Pre}$ for $\preceq_{\mathsf{univ}}$-closed sets that are represented by characteristic functions. Let $L_1, L_2$ be two sets of pairs of characteristic functions, let $L_\cup$ be the set of $\leq$-minimal elements of $L_1 \cup L_2$, and let $L_\cap$ be the set of $\leq$-minimal elements of the union of

$\{ (\max(f_s, f_{s'}), \max(f_o, f_{o'})) \mid (f_s, f_o) \in L_1 \wedge (f_{s'}, f_{o'}) \in L_2 \wedge \max(f_o, f_{o'}) \neq f_\emptyset \}$ and

$\{ (\max(f_s, f_{s'}), f_\emptyset) \mid (f_s, f_\emptyset) \in L_1 \wedge (f_{s'}, f_\emptyset) \in L_2 \}$.

By Equation (4.1) and by the previous remarks, we have:

$[\![ L_\cup ]\!] = [\![ L_1 ]\!] \cup [\![ L_2 ]\!]$ and $[\![ L_\cap ]\!] = [\![ L_1 ]\!] \cap [\![ L_2 ]\!]$.

To compute $\mathrm{Pre}_\sigma(\cdot)$ of a single pair of characteristic functions, we propose Algorithm 2, whose correctness is established by Theorem 5.4. Computing the predecessors of a set of pairs of characteristic functions is then straightforward, using the algorithm for the union of sets of pairs of characteristic functions, since

$\mathrm{Pre}^{\mathrm{KVMH}(A)}_\sigma(L) = \bigcup_{(f_{s'}, f_{o'}) \in L} \mathrm{Pre}^{\mathrm{KVMH}(A)}_\sigma((f_{s'}, f_{o'}))$.

In Algorithm 2, we represent $\infty$ by any number strictly greater than $k = 2(|\mathsf{Loc}| - |\alpha|)$, and we adapt the definition of $\leq$ as follows: $f \leq f'$ iff for all $\ell \in \mathsf{Loc}$, either $f(\ell) \leq f'(\ell)$ or $f'(\ell) > k$. In the algorithm, we use the notations $\lceil n \rceil_{\mathsf{odd}}$ for the least odd number $n'$ such that $n' \geq n$, and $\lceil n \rceil_{\mathsf{even}}$ for the least even number $n'$ such that $n' \geq n$.

The structure of Algorithm 2 is similar to Algorithm 1, but the computations are expressed in terms of characteristic functions, thus in terms of ranks. For example, lines 3-5 compute the equivalent of line 2 in Algorithm 1, where $\alpha_1$ corresponds here to the set of odd-ranked locations, and thus contains no $\alpha$-nodes. Details are given in the proof of Theorem 5.4.

Algorithm 2: Algorithm for $\mathrm{Pre}^{\mathsf{univ}}_\sigma(\cdot)$.

Data: An NBW $A = (\mathsf{Loc}, \iota, \Sigma, \delta, \alpha)$, $\sigma \in \Sigma$, and a pair $(f_{s'}, f_{o'})$ of characteristic functions.
Result: The set $\mathrm{Pre}^{\mathsf{univ}}_\sigma((f_{s'}, f_{o'}))$.
begin
 1    foreach $\ell \in \mathsf{Loc}$ do
 2        $f_o(\ell) \leftarrow 0$;
 3        foreach $\ell' \in \delta(\ell,\sigma)$ do
 4            if $\ell' \in \alpha$ then $f_o(\ell) \leftarrow \max\{f_o(\ell), f_{o'}(\ell')\}$;
 5            else $f_o(\ell) \leftarrow \max\{f_o(\ell), \min\{f_{o'}(\ell'), \lceil f_{s'}(\ell') \rceil_{\mathsf{odd}}\}\}$;
 6        if $\ell \in \alpha$ then $f_o(\ell) \leftarrow \lceil f_o(\ell) \rceil_{\mathsf{even}}$;
 7    $L_{\mathsf{Pre}} \leftarrow \{(f_o, f_\emptyset)\}$;
 8    $k \leftarrow 2(|\mathsf{Loc}| - |\alpha|)$;
 9    if $\exists \ell : f_o(\ell) \leq k$ (i.e. $o \neq \emptyset$) then
10        foreach $\ell \in \mathsf{Loc}$ do
11            $f_s(\ell) \leftarrow \max\{f_{s'}(\ell') \mid \ell' \in \delta(\ell,\sigma)\}$;
12            if $\ell \in \alpha$ then $f_s(\ell) \leftarrow \lceil f_s(\ell) \rceil_{\mathsf{even}}$;
13        $L_{\mathsf{Pre}} \leftarrow L_{\mathsf{Pre}} \cup \{(f_s, f_o)\}$;
14    return $L_{\mathsf{Pre}}$;
end

Theorem 5.4. Let $A = (\mathsf{Loc}, \iota, \Sigma, \delta, \alpha)$ be an NBW, $\sigma \in \Sigma$, and $(f_{s'}, f_{o'})$ be a pair of characteristic functions such that $f_{s'} \leq f_{o'}$. The set $L_{\mathsf{Pre}} = \mathrm{Pre}^{\mathsf{univ}}_\sigma((f_{s'}, f_{o'}))$ computed by Algorithm 2 is such that $[\![ L_{\mathsf{Pre}} ]\!] = \mathrm{Pre}^{\mathrm{KVMH}(A)}_\sigma([\![ (f_{s'}, f_{o'}) ]\!])$, and for all $(f_s, f_o) \in L_{\mathsf{Pre}}$, we have $f_s \leq f_o$ and $f_s(\ell)$ and $f_o(\ell)$ are even for all $\ell \in \alpha$.

Proof. Let $A^c = \mathrm{KVMH}(A) = (Q \times Q, q_\iota, \Sigma, \delta', \alpha')$, and let $(s',o')$ be a pair of sets whose characteristic functions are $(f_{s'}, f_{o'})$ and such that $o' \subseteq s'$ (such a pair exists because $f_{s'} \leq f_{o'}$; we choose $s'$ and $o'$ as the largest such sets, so that $(\ell,n) \in s'$ for every $n \geq f_{s'}(\ell)$ with $n$ even whenever $\ell \in \alpha$, and similarly for $o'$). We show that (a) $[\![ L_{\mathsf{Pre}} ]\!] \subseteq \mathrm{Pre}^{A^c}_\sigma([\![ (f_{s'}, f_{o'}) ]\!])$ and (b) $\mathrm{Pre}^{A^c}_\sigma([\![ (f_{s'}, f_{o'}) ]\!]) \subseteq [\![ L_{\mathsf{Pre}} ]\!]$.

To prove (a), first consider a pair $(f_s, f_o)$ added to $L_{\mathsf{Pre}}$ at line 13 of Algorithm 2 and let $(s,o) \in [\![ (f_s, f_o) ]\!]$. We show that $(s,o) \to_{\delta'} (s',o')$ and $f_s \leq f_o$.

By the test of line 9 we have $f_o \neq f_\emptyset$ and therefore $o \neq \emptyset$. According to Definition 2.7 of $\mathrm{KVMH}(A)$, we have to check that there exists a set $o'' \subseteq s'$ such that $o' = o'' \setminus \mathsf{odd}$ (we take $o'' = o' \cup (s' \cap \mathsf{odd})$), and that the following conditions hold:

(i) $\forall (\ell,n) \in s \cdot \forall \ell' \in \delta(\ell,\sigma) \cdot \exists n' \leq n : (\ell',n') \in s'$.

Observe that for all $\ell \in \mathsf{Loc}$, for all $\ell' \in \delta(\ell,\sigma)$, we have $f_{s'}(\ell') \leq f_s(\ell)$ (lines 11-12 of Algorithm 2). Since $f_s(\ell) \leq n$ (by definition of characteristic functions), we take $n' = f_{s'}(\ell')$, so that we have $n' \leq f_s(\ell) \leq n$ and $(\ell',n') \in s'$.

(ii) $\forall (\ell,n) \in o \cdot \forall \ell' \in \delta(\ell,\sigma) \cdot \exists n' \leq n : (\ell',n') \in o''$.

Since $o'' = o' \cup (s' \cap \mathsf{odd})$, we have $f_{o''}(\ell') = f_{o'}(\ell')$ for $\ell' \in \alpha$ and $f_{o''}(\ell') = \min\{f_{o'}(\ell'), \lceil f_{s'}(\ell') \rceil_{\mathsf{odd}}\}$ for $\ell' \notin \alpha$. Now, for all $\ell \in \mathsf{Loc}$, for all $\ell' \in \delta(\ell,\sigma)$, we have either $\ell' \in \alpha$ and then $f_o(\ell) \geq n'$ for $n' = f_{o'}(\ell')$, or $\ell' \notin \alpha$ and then $f_o(\ell) \geq n'$ for $n' = \min\{f_{o'}(\ell'), \lceil f_{s'}(\ell') \rceil_{\mathsf{odd}}\}$ (lines 1-6 of Algorithm 2). In both cases, for $(\ell,n) \in o$ we have $f_{o''}(\ell') = n' \leq f_o(\ell) \leq n$, hence $n' \neq \infty$ and $(\ell',n') \in o''$.

Moreover, we prove that:

(iii) $f_s \leq f_o$.

Since $f_{s'} \leq f_{o'}$, we have for all $\ell' \in \mathsf{Loc}$ either $f_{o'}(\ell') > k$ or $f_{o'}(\ell') \geq f_{s'}(\ell')$. By lines 1-6 of Algorithm 2, we have for all $\ell \in \mathsf{Loc}$, for all $\ell' \in \delta(\ell,\sigma)$, either $f_o(\ell) \geq f_{o'}(\ell')$ or $f_o(\ell) \geq \lceil f_{s'}(\ell') \rceil_{\mathsf{odd}}$, and thus either $f_o(\ell) > k$ or $f_o(\ell) \geq f_{s'}(\ell')$. Hence, we have for all $\ell \in \mathsf{Loc}$ either $f_o(\ell) > k$ or $f_o(\ell) \geq \max\{f_{s'}(\ell') \mid \ell' \in \delta(\ell,\sigma)\}$. Therefore, by lines 11-12 of Algorithm 2, if $\ell \notin \alpha$, then $f_o(\ell) > k$ or $f_o(\ell) \geq f_s(\ell)$, and if $\ell \in \alpha$, then $f_o(\ell)$ is even (line 6) and thus either $f_o(\ell) > k$ or $f_o(\ell) \geq \lceil \max\{f_{s'}(\ell') \mid \ell' \in \delta(\ell,\sigma)\} \rceil_{\mathsf{even}} = f_s(\ell)$. In all cases, $f_s \leq f_o$.

(iv) $\forall \ell \in \alpha : f_s(\ell)$ and $f_o(\ell)$ are even.

This is enforced by line 12 and line 6 of the algorithm.

Second, consider the pair $(f_o, f_\emptyset)$ added to $L_{\mathsf{Pre}}$ at line 7 and let $(s,\emptyset) \in [\![ (f_o, f_\emptyset) ]\!]$. Notice that $f_o \leq f_\emptyset$ and that $f_o(\ell)$ is even for all $\ell \in \alpha$ by (iv). We show that there exists $(s'',o'') \preceq_{\mathsf{univ}} (s',o')$ such that $(s,\emptyset) \to_{\delta'} (s'',o'')$. We take $s'' = o' \cup (s' \cap \mathsf{odd})$ and $o'' = s'' \setminus \mathsf{odd}$. Since $o' \subseteq s'$, we have (1) $s'' \subseteq s'$, and we have (2) $o'' = o' \setminus \mathsf{odd} \subseteq o'$. Moreover, if $o' \neq \emptyset$, then there exists $(\ell,n) \in o'$ for some $\ell \in \mathsf{Loc}$ and even number $n$, since the maximal rank $k = 2(|\mathsf{Loc}| - |\alpha|)$ is even. So $(\ell,n) \in o''$ and thus $o'' \neq \emptyset$. Since $o'' \subseteq o'$, we have (3) $o' \neq \emptyset$ iff $o'' \neq \emptyset$. Hence $(s'',o'') \preceq_{\mathsf{univ}} (s',o')$. The fact that $(s,\emptyset) \to_{\delta'} (s'',o'')$ is proven similarly to (ii).

To prove (b), assume that there exist $(s_1,o_1)$ and $(s'_1,o'_1)$ such that $(s_1,o_1) \to_{\delta'} (s'_1,o'_1)$ and $(s'_1,o'_1) \in [\![ (f_{s'}, f_{o'}) ]\!]$. We have to show that $(s_1,o_1) \in [\![ L_{\mathsf{Pre}} ]\!]$, i.e., $(f_{s_1}, f_{o_1}) \geq (f_s, f_o)$ for some $(f_s, f_o) \in L_{\mathsf{Pre}}$.

First, assume that $o_1 \neq \emptyset$. Notice that $f_{s'_1} \geq f_{s'}$ and $f_{o'_1} \geq f_{o'}$ since $(s'_1,o'_1) \in [\![ (f_{s'}, f_{o'}) ]\!]$. From the fact that $(s_1,o_1) \to_{\delta'} (s'_1,o'_1)$, we get:

(i) for all $(\ell,n_1) \in s_1$, for all $\ell' \in \delta(\ell,\sigma)$, there is $n_2 \leq n_1$ with $(\ell',n_2) \in s'_1$, so $n_1 \geq n_2 \geq f_{s'_1}(\ell')$ and thus $n_1 \geq f_{s'}(\ell')$.

Hence, for all $\ell \in \mathsf{Loc}$ we have $f_{s_1}(\ell) \geq \max\{f_{s'}(\ell') \mid \ell' \in \delta(\ell,\sigma)\} = f_s(\ell)$, where $f_s$ is computed by line 11 of Algorithm 2, for $\ell \notin \alpha$. We also have $f_{s_1}(\ell) \geq f_s(\ell)$ (see line 12 of Algorithm 2) for $\ell \in \alpha$, as $f_{s_1}(\ell)$ is even in that case. Thus, $f_s \leq f_{s_1}$.

(ii) for all $(\ell,n_1) \in o_1$, for all $\ell' \in \delta(\ell,\sigma)$, there is $n_2 \leq n_1$ with $(\ell',n_2) \in o''_1$ for some set $o''_1$ such that $o''_1 \subseteq s'_1$ and $o''_1 \setminus \mathsf{odd} = o'_1$; hence $f_{o_1}(\ell) \geq f_{o''_1}(\ell')$. Therefore $o''_1 \subseteq o'_1 \cup (s'_1 \cap \mathsf{odd})$ and thus $f_{o''_1} \geq f_{o'_1 \cup (s'_1 \cap \mathsf{odd})} \geq f_{o' \cup (s' \cap \mathsf{odd})}$, since $f_{s'_1} \geq f_{s'}$ and $f_{o'_1} \geq f_{o'}$. Hence, for all $\ell \in \mathsf{Loc}$ either $f_{o_1}(\ell) > k$ or $f_{o_1}(\ell) \geq f_o(\ell)$ (where $f_o$ is computed at lines 1-6 of Algorithm 2). Thus, $f_o \leq f_{o_1}$.

(iii) By our assumption that $o_1 \neq \emptyset$, we have $f_{o_1} \neq f_\emptyset$, and so $f_o \neq f_\emptyset$ by (ii).

Hence, the pair $(f_s, f_o)$ added to $L_{\mathsf{Pre}}$ by Algorithm 2 at line 13 satisfies $(f_{s_1}, f_{o_1}) \geq (f_s, f_o)$, and thus $(s_1,o_1) \in [\![ L_{\mathsf{Pre}} ]\!]$.

Second, assume that $o_1 = \emptyset$. Let $s'' = o' \cup (s' \cap \mathsf{odd})$. Since $(s_1,o_1) \to_{\delta'} (s'_1,o'_1)$ and $o_1 = \emptyset$, we have $o'_1 = s'_1 \setminus \mathsf{odd}$. Next, we use several times the fact that $u \subseteq v$ implies $f_v \leq f_u$. Since $f_{s'_1} \geq f_{s'}$ and $f_{o'_1} \geq f_{o'}$, we have (1) $f_{s'_1 \cap \mathsf{odd}} \geq f_{s' \cap \mathsf{odd}} \geq f_{s''}$ and (2) $f_{s'_1 \setminus \mathsf{odd}} = f_{o'_1} \geq f_{o'} \geq f_{s''}$. By (1) and (2), we easily get $f_{s'_1} \geq f_{s''}$. Now, by the fact that $(s_1,o_1) \to_{\delta'} (s'_1,o'_1)$, we know that for all $(\ell,n_1) \in s_1$, for all $\ell' \in \delta(\ell,\sigma)$, $n_1 \geq f_{s'_1}(\ell')$ and thus $n_1 \geq f_{s''}(\ell')$. Notice that $f_o(\ell) = \max\{f_{s''}(\ell') \mid \ell' \in \delta(\ell,\sigma)\}$, rounded up to an even number when $\ell \in \alpha$, where $f_o$ is computed at lines 1-6 of Algorithm 2. Thus, $f_{s_1}(\ell) \geq f_o(\ell)$ for all $\ell \in \mathsf{Loc}$ and therefore $f_{s_1} \geq f_o$, so that $(s_1,o_1) \in [\![ (f_o, f_\emptyset) ]\!]$, where $(f_o, f_\emptyset)$ is added to $L_{\mathsf{Pre}}$ by Algorithm 2 at line 7. □

Algorithm 2 computes the predecessors of a pair $(f_{s'}, f_{o'})$ in time $O(|\mathsf{Loc}|^2)$, which is polynomial in the size of the input, even though the number of pairs $(s',o')$ that are represented by the pair $(f_{s'}, f_{o'})$ and by the computed set $L_{\mathsf{Pre}}$ can be exponential. For example, the set $\alpha' = Q \times \{\emptyset\}$, which has an exponential number of elements, is represented by the unique pair $(f_s, f_\emptyset)$ where $f_s(\ell) = 0$ for all $\ell \in \mathsf{Loc}$. Hence the compact representation that we propose does not come with an execution time blow-up, which makes the new approach much more efficient in practice.
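The following Python block is an added, self-contained example (not the paper's C implementation) that ties together the two preceding passages: the union and intersection of $\preceq_{\mathsf{univ}}$-closed sets on pairs of characteristic functions, and $\mathrm{Pre}^{\mathsf{univ}}_\sigma$ as in Algorithm 2, driven by the Büchi emptiness fixed point $\nu y \cdot \mu x \cdot [\mathrm{Pre}(x) \cup (\mathrm{Pre}(y) \cap \alpha')]$ to decide universality. Assumptions that are ours rather than the page's: locations are the integers $0..n-1$; $\infty$ is encoded as $k+1$ and every value above $k$ is renormalised to it, so that the adapted $\leq$ becomes plain pointwise comparison; and the initial state of $\mathrm{KVMH}(A)$ is $(\{(\iota,k)\}, \emptyset)$, the initial location with the maximal rank. The automata in the usage are constructed for the example.

```python
# Added example, not the paper's code: NBW universality by the antichain
# fixed point over pairs of characteristic functions, with Pre as in
# Algorithm 2 and the union/intersection of Section 5. Assumptions (ours):
# locations are 0..n-1; any rank > k means ∞ and is renormalised to INF = k+1
# so that "<=" is plain pointwise comparison; the initial state of KVMH(A)
# is ({(ι, k)}, ∅), i.e. the initial location carries the maximal rank k.


class NBW:
    def __init__(self, n, init, alphabet, delta, alpha):
        self.n, self.init, self.alphabet = n, init, tuple(alphabet)
        self.delta = delta                      # (loc, letter) -> set of locs
        self.alpha = set(alpha)
        self.k = 2 * (n - len(self.alpha))      # maximal rank
        self.inf = self.k + 1                   # canonical encoding of ∞

    def norm(self, v):
        return self.inf if v > self.k else v

    def ceil_to(self, v, parity):               # least n' >= v with n' % 2 == parity
        return self.norm(v if v % 2 == parity else v + 1)

    def is_empty(self, g):                      # g == f_∅
        return min(g) > self.k

    def pre(self, a, fs1, fo1):
        """Algorithm 2: <=-minimal predecessors of (f_s', f_o') under letter a."""
        fo = []
        for l in range(self.n):
            v = 0
            for l2 in self.delta.get((l, a), ()):
                if l2 in self.alpha:
                    v = max(v, fo1[l2])
                else:                           # odd-ranked copies of s' are in o''
                    v = max(v, min(fo1[l2], self.ceil_to(fs1[l2], 1)))
            fo.append(self.ceil_to(v, 0) if l in self.alpha else self.norm(v))
        fo, f_empty = tuple(fo), (self.inf,) * self.n
        result = {(fo, f_empty)}                # predecessor with o = ∅
        if not self.is_empty(fo):               # o ≠ ∅: also the pair (f_s, f_o)
            fs = []
            for l in range(self.n):
                v = max((fs1[l2] for l2 in self.delta.get((l, a), ())), default=0)
                fs.append(self.ceil_to(v, 0) if l in self.alpha else self.norm(v))
            result.add((tuple(fs), fo))
        return result

    def leq(self, p, q):                        # (f, g) <= (f', g') of Section 5
        (f, g), (f2, g2) = p, q
        return (all(x <= y for x, y in zip(f, f2)) and all(x <= y for x, y in zip(g, g2))
                and self.is_empty(g) == self.is_empty(g2))

    def minimize(self, pairs):                  # keep the <=-minimal pairs
        pairs = set(pairs)
        return frozenset(p for p in pairs if not any(q != p and self.leq(q, p) for q in pairs))

    def inter(self, l1, l2):                    # [[l1]] ∩ [[l2]] via pointwise max
        out = set()
        for (f, g) in l1:
            for (f2, g2) in l2:
                fm, gm = tuple(map(max, f, f2)), tuple(map(max, g, g2))
                both_nonempty = not self.is_empty(g) and not self.is_empty(g2)
                if (both_nonempty and not self.is_empty(gm)) or (self.is_empty(g) and self.is_empty(g2)):
                    out.add((fm, gm))
        return self.minimize(out)

    def pre_set(self, L):                       # Pre of a closed set: union over its pairs
        out = set()
        for a in self.alphabet:
            for (f, g) in L:
                out |= self.pre(a, f, g)
        return self.minimize(out)

    def contains_init(self, L):
        """q_ι = ({(ι, k)}, ∅) is in [[L]] iff some (f, g) in L has f(ι) <= k and g = f_∅."""
        return any(f[self.init] <= self.k and self.is_empty(g) for (f, g) in L)

    def is_universal(self):
        """A universal iff KVMH(A) empty iff q_ι ∉ νy.μx.[Pre(x) ∪ (Pre(y) ∩ α')]."""
        f0, f_empty = (0,) * self.n, (self.inf,) * self.n
        alpha_c = frozenset({(f0, f_empty)})    # α' = Q × {∅}
        y = frozenset({(f0, f0), (f0, f_empty)})  # top element: every pair (s, o)
        while True:
            if not self.contains_init(y):       # approximations only shrink: stop early
                return True
            seed = self.inter(self.pre_set(y), alpha_c)
            x = frozenset()
            while True:
                x_new = self.minimize(self.pre_set(x) | seed)
                if x_new == x:
                    break
                x = x_new
            if x == y:
                return not self.contains_init(y)
            y = x
```

Usage: `NBW(2, 0, "ab", {(0, "a"): {0}, (0, "b"): {1}, (1, "a"): {1}, (1, "b"): {1}}, {1}).is_universal()` returns `False`, since that constructed automaton accepts exactly the words containing a `b` and rejects $a^\omega$; the fixed point ends in the antichain containing $(f_s, f_\emptyset)$ with $f_s(0) = 1$, which is the accepting self-loop of $\mathrm{KVMH}(A)$ on the odd-ranked location 0. Every set manipulated by the loop is an antichain, and $x$ and $y$ are compared as antichains, which is sound because the $\leq$-minimal elements of a closed set are unique.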



6. Implementation and Practical Evaluation 



The randomized model. To evaluate our new algorithm for universality of NBW and compare it with the existing implementations of the Kupferman-Vardi and Miyano-Hayashi constructions, we use a random model to generate NBW. This model was first proposed by Tabakov and Vardi to compare the efficiency of some algorithms for automata in the context of finite-word automata [TV05] and more recently in the context of infinite-word automata [TV07]. In the model, the input alphabet is fixed to $\Sigma = \{0,1\}$, and for each letter $\sigma \in \Sigma$, a number $k_\sigma$ of different state pairs $(\ell,\ell') \in \mathsf{Loc} \times \mathsf{Loc}$ are chosen uniformly at random before the corresponding transitions $(\ell,\sigma,\ell')$ are added to the automaton. The ratio $r_\sigma = \frac{k_\sigma}{|\mathsf{Loc}|}$ is called the transition density for $\sigma$. This ratio represents the average outdegree of each state for $\sigma$. In all experiments, we choose $r_0 = r_1$, and denote the transition density by $r$. The model contains a second parameter: the density $f$ of accepting states. There is only one initial state, and the number $m$ of accepting states is linear in the total number of states, as determined by $f = \frac{m}{|\mathsf{Loc}|}$. The accepting states themselves are chosen uniformly at random. Observe that since the transition relation is not always total, automata with $f = 1$ are not necessarily universal.
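The random model described above, as an added example (not the generator used by Tabakov and Vardi or by the authors): it draws, for each letter, $k_\sigma$ distinct pairs of locations without replacement and $m$ accepting locations, then reads the two densities back from the result. Rounding $k_\sigma = r \cdot |\mathsf{Loc}|$ and $m = f \cdot |\mathsf{Loc}|$ to the nearest integer and taking location 0 as the unique initial state are choices of this example.

```python
# Added example, not the paper's code: the Tabakov-Vardi random NBW model as
# described above. Assumptions (ours): location 0 is the unique initial state,
# k_sigma = round(r * n) and m = round(f * n), both sampled without replacement.
import random


def random_nbw(n, r, f, alphabet=("0", "1"), seed=None):
    """Random NBW with n locations, transition density r and acceptance density f."""
    rng = random.Random(seed)
    k_sigma, m = round(r * n), round(f * n)
    delta = {}
    for a in alphabet:
        # k_sigma distinct pairs (l, l') drawn uniformly from Loc x Loc
        for idx in rng.sample(range(n * n), k_sigma):
            l, l2 = divmod(idx, n)
            delta.setdefault((l, a), set()).add(l2)
    alpha = set(rng.sample(range(n), m))
    return {"n": n, "init": 0, "alphabet": tuple(alphabet), "delta": delta, "alpha": alpha}


def densities(A):
    """Recover the per-letter transition density r_sigma and the acceptance density f."""
    n = A["n"]
    r = {a: sum(len(A["delta"].get((l, a), ())) for l in range(n)) / n
         for a in A["alphabet"]}
    return r, len(A["alpha"]) / n


def is_total(A):
    """True iff every (location, letter) has at least one successor. The model
    does not guarantee this, which is why f = 1 does not imply universality."""
    return all(A["delta"].get((l, a)) for l in range(A["n"]) for a in A["alphabet"])


if __name__ == "__main__":
    A = random_nbw(30, 2.0, 0.5, seed=7)   # the |Loc| = 30 setting of Figure 3
    print(densities(A), is_total(A))
```

Because pairs are drawn without replacement, the realised density equals $k_\sigma / |\mathsf{Loc}|$ exactly, and `is_total` makes the remark about $f = 1$ concrete: with few transitions some locations have no successor for a letter, so the automaton rejects every word that reaches them.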

Tabakov and Vardi have studied the space of parameter values for this model and argue 
that "interesting" automata are generated by the model as the two parameters r and / vary. 
They also study the density of universal automata. 

Performance comparison. We have implemented our algorithm to check the universality of randomly generated NBW. The code is written in C with an explicit representation for characteristic functions, as arrays of integers. All the experiments are conducted on a biprocessor Linux station (two 3.06 GHz Intel Xeons with 4 GB of RAM).

Figure 3 shows, as a function of $r$ (transition density) and $f$ (density of accepting states), the median execution times for testing universality of 100 random automata with $|\mathsf{Loc}| = 30$. It shows that the universality test was the most difficult for $r = 1.8$ and $f = 0.1$, with a median time of 11 seconds. The times for $r < 1$ and $r > 2.8$ are not plotted because they were always less than 250 ms. A similar shape and maximal median time is reported by Tabakov for automata of size 6, that is, for automata that are five times smaller [TV07]. Another previous work reports prohibitive execution times for complementing NBW of size 6, showing that explicitly constructing the complement is not a reasonable approach [GKSV03]. The density of universal automata in the samples is shown in Figure 4. The density increases when states have more transitions, while it seems less sensitive to the density of accepting states. The difficult instances correspond to the values of the densities of transitions and accepting states for which the probability to be universal is close to a half. Analogous results have been observed in [TV07].

To evaluate the scalability of our algorithm, we have run the following experiment. For a set of parameter values, we have evaluated the maximal size of automata (measured in number of locations) for which our algorithm could analyze 50 out of 100 instances in less than 20 seconds. We have tried automata sizes from 10 to 1500, with a fine granularity for small sizes (from 10 to 100 with an increment of 10, from 100 to 200 with an increment of 20, and from 200 to 500 with an increment of 30) and a rougher granularity for large sizes (from 500 to 1000 with an increment of 50, and from 1000 to 1500 with an increment of 100).

The results are shown in Figure 5, and the corresponding values are given in Table 1. The vertical scale is logarithmic. For example, for $r = 2$ and $f = 0.5$, our algorithm was able to handle at least 50 automata of size 120 in less than 20 seconds and was not able to do so for automata of size 140. In comparison, Tabakov and Vardi have studied the behavior of the Kupferman-Vardi and Miyano-Hayashi constructions for different implementation schemes. We compare with the performance of their symbolic approach, which is the most efficient. For the same parameter values ($r = 2$ and $f = 0.5$), they report that their implementation can handle NBW with at most 8 states in less than 20 seconds [TV07].
Figure 3: Median time to check universality of 100 automata of size 30 for each sample point.

Figure 4: Density of universal automata for the samples of Figure 3.

Figure 5: Automata size for which the median execution time to check universality is less than 20 seconds (log scale). See also Table 1.

Table 1: Automata size (NBW) for which the median execution time for checking universality is less than 20 seconds. The symbol $\infty$ means more than 1500.
In Figure 6 we show the median execution time to check universality for relatively difficult instances ($r = 2$ and $f$ varying from 0.3 to 0.7). The vertical scale is logarithmic, so the behavior is roughly exponential in the size of the automata. Similar analyses are reported in [TV07], but for sizes below 10.

Finally, we give in Figure 7 the distribution of execution times for 100 automata of size 50 with $r = 2.2$ and $f = 0.5$, so that roughly half of the instances are universal. Each point represents one automaton, and one point lies outside the figure, with an execution time of 675 s for a non-universal automaton. The existence of very few instances that are very hard was often encountered in the experiments, and this is why we use the median for the execution times. Setting this hard instance aside, Figure 7 shows that universal automata (average time 350 ms) are slightly easier to analyze than non-universal automata (average time 490 ms). This probably comes from the fact that we stop the computation of the (greatest) fixed point whenever the initial state is not in the $\preceq_{\mathsf{univ}}$-closure of the current approximation. Indeed, in such a case, since the approximations are decreasing, we know that the initial state would also not lie in the fixed point. Of course, this optimization applies only to universal automata.

Figure 6: Median time to check universality (of 100 automata for each sample point).

Figure 7: Execution time to check universality of 100 automata, 57 of which were universal.



7. Language Inclusion for Büchi automata

Let $A_1 = (\mathsf{Loc}_1, \iota_1, \Sigma, \delta_1, \alpha_1)$ and $A_2$ be two NBW defined on the same alphabet $\Sigma$ for which we want to check language inclusion: $\mathcal{L}(A_1) \subseteq^? \mathcal{L}(A_2)$. To solve this problem, we check emptiness of $\mathcal{L}(A_1) \cap \mathcal{L}^c(A_2)$. As we have seen, we can use the Kupferman-Vardi and Miyano-Hayashi construction to specify an NBW $A_2^c = (\mathsf{Loc}_2, \iota_2, \Sigma, \delta_2, \alpha_2)$ that accepts the complement of the language of $A_2$.

Using the classical product construction, let $B = A_1 \times A_2^c$ be a finite automaton with set of locations $\mathsf{Loc}_B = \mathsf{Loc}_1 \times \mathsf{Loc}_2$, initial state $\iota_B = (\iota_1, \iota_2)$ and transition function $\delta_B$ such that $\delta_B((\ell_1,\ell_2),\sigma) = \delta_1(\ell_1,\sigma) \times \delta_2(\ell_2,\sigma)$. We equip $B$ with the generalized Büchi condition $\{\beta_1, \beta_2\} = \{\alpha_1 \times \mathsf{Loc}_2, \mathsf{Loc}_1 \times \alpha_2\}$, thus asking, for a run of $B$ to be accepting, that it visits $\beta_1$ and $\beta_2$ infinitely often. It is routine to show that we have $\mathcal{L}(B) = \mathcal{L}(A_1) \cap \mathcal{L}^c(A_2)$. The following fixed point

$\mathcal{F}'_B = \nu y \cdot \big( \mu x_1 \cdot [\mathrm{Pre}_B(x_1) \cup (\mathrm{Pre}_B(y) \cap \beta_1)] \;\cap\; \mu x_2 \cdot [\mathrm{Pre}_B(x_2) \cup (\mathrm{Pre}_B(y) \cap \beta_2)] \big)$

can be used to check emptiness of $B$, as we have $\mathcal{L}(B) \neq \emptyset$ iff $\iota_B \in \mathcal{F}'_B$. We now define the pre-order $\preceq_{\mathsf{inc}}$ over the locations of $B$: for all $(\ell_1,\ell_2), (\ell'_1,\ell'_2) \in \mathsf{Loc}_B$, let $(\ell_1,\ell_2) \preceq_{\mathsf{inc}} (\ell'_1,\ell'_2)$ iff $\ell_1 = \ell'_1$ and $\ell_2 \preceq_{\mathsf{univ}} \ell'_2$.

We extend the definition of simulation relation $\preceq$ (Definition 3.1) to generalized Büchi automata $B$ by asking that for each $i$ the relation $\preceq$ is a simulation for $B$ with accepting states $\beta_i$.

Lemma 7.1. The relation $\preceq_{\mathsf{inc}}$ is a simulation for $B$.

Proof. First, observe that equality is a simulation relation for $A_1$. Then, the first condition of Definition 3.1 is a direct consequence of the fact that equality (resp. $\preceq_{\mathsf{univ}}$) is a simulation relation for $A_1$ (resp. for $A_2^c$), and that $B = A_1 \times A_2^c$ is the product of these automata. Second, it is easy to see that the sets $\beta_1$ and $\beta_2$ are $\preceq_{\mathsf{inc}}$-closed. □

As a consequence of the last lemma, we know that all sets that we have to manipulate to solve the language inclusion problem using the fixed point $\mathcal{F}'_B$ are $\preceq_{\mathsf{inc}}$-closed. The operators $\cup$, $\cap$ and $\mathrm{Pre}$ can thus be computed efficiently, using the same algorithms and data structures as for universality. In particular, let $\mathrm{Pre}^{\mathsf{inc}}_\sigma(\ell'_1,\ell'_2) = \mathrm{Pre}^{A_1}_\sigma(\ell'_1) \times \mathrm{Pre}^{\mathsf{univ}}_\sigma(\ell'_2)$, where $\mathrm{Pre}^{\mathsf{univ}}_\sigma$ is computed by Algorithm 2 (with input $A_2$). It is easy to show, as a corollary of Theorem 5.4, that $[\![ \mathrm{Pre}^{\mathsf{inc}}_\sigma(\ell'_1,\ell'_2) ]\!] = \mathrm{Pre}^{B}_\sigma([\![ \{(\ell'_1,\ell'_2)\} ]\!])$.

8. Conclusion

We have shown that the prohibitive complementation constructions for nondeterministic Büchi automata can be avoided for solving classical problems like universality and language inclusion. Our approach is based on fixed point computation and the existence of simulation relations for the (exponential) constructions used in complementation of Büchi automata. Those simulations are used to dramatically reduce the amount of computation needed to decide classical problems. Their definition relies on the structure of the original automaton and does not require explicit complementation.

The resulting algorithms evaluate a fixed point formula and avoid redundant computations by maintaining sets of maximal elements according to the simulation relation. In practice, the computation of the predecessor operator, which is the key of the approach, is efficient because it is done on antichains of elements only. Even though the classical approaches (as well as ours) have the same worst-case complexity, our prototype implementation outperforms those approaches, in which the structural properties of the complement automaton (witnessed by the existence of simulation relations) are not exploited. The huge performance gap holds over the entire parameter space of the randomized model proposed by Tabakov and Vardi.

Applications of this paper go beyond universality and language inclusion for NBW, as we have shown that the methodology applies to alternating Büchi automata, for which efficient translations from LTL formulas are known [GO01]. Significant improvements in the model-checking and satisfiability problems of LTL can be achieved with the same ideas [DDMR08b, DDMR08a].

Acknowledgment. We thank two anonymous reviewers for helpful comments and sugges- 